For reference this is the documentation I used when we moved to 1607: https://technet.microsoft.com/en-us/itpro/windows/update/waas-manage-updates-configuration-manager
It seems that it contradicts the blog about dual scan. From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Hyatt, Dewayne Sent: Tuesday, April 11, 2017 10:43 AM To: mssms@lists.myitforum.com Subject: RE: [mssms] GPO Update Disable Manual MS checks Whoops… I had read that blog a while back but apparently not well enough. I am confused now though. I am using a GPO to define what branch our Windows 10 clients are in for Windows 10 servicing in SCCM. I thought that was the correct way to do it. I saw 1607 used different policies but it looked like it was doing the same thing. This blog said not to enable those policies. From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com] On Behalf Of Niall Brady Sent: Monday, April 10, 2017 3:37 PM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: Re: [mssms] GPO Update Disable Manual MS checks read this https://blogs.technet.microsoft.com/windowsserver/2017/01/09/why-wsus-and-sccm-managed-clients-are-reaching-out-to-microsoft-online/ dual scan is the cause On Mon, Apr 10, 2017 at 7:54 PM, Hyatt, Dewayne <dehy...@ufl.edu<mailto:dehy...@ufl.edu>> wrote: Sorry to hijack but this is somewhat relevant. Since we rolled out 1607 we have noticed machines are automatically getting updates from Microsoft update even though we have a GPO defining our SUP as the WSUS server. I was looking into blocking Microsoft update entirely (not sure that is what I want to do in our environment) and I ran across this thread. Has anyone else seen behavior like this? We’ve had a few different locations report this, then my own workstation did it this morning, at that point I started to believe them ☺. Thanks, Dewayne From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of Adam Juelich Sent: Thursday, March 30, 2017 8:46 AM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: Re: [mssms] GPO Update Disable Manual MS checks Yes, other than the GP setting to 'Disable Automatic Updates,' don't configure anything else related to it. There is the User-Side GP Setting: "Remove access to use all Windows Update features" That should do the trick. On Thu, Mar 30, 2017 at 7:12 AM, Daniel Ratliff <dratl...@humana.com<mailto:dratl...@humana.com>> wrote: Never configure any of your windows update settings with GPO, let SCCM handle that via local policy. I believe the setting you want is here for Win10: https://miketerrill.net/2016/10/11/disable-check-online-for-updates-from-microsoft-update-in-windows-10/ For Win7, we just disable the ability to check online: https://weikingteh.wordpress.com/2012/09/20/how-to-disable-the-check-online-for-updates-from-microsoft-update-link-in-the-windows-update-icon-in-control-panel/ Daniel Ratliff From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> [mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] On Behalf Of S ConfigMgr Sent: Thursday, March 30, 2017 12:12 AM To: mssms@lists.myitforum.com<mailto:mssms@lists.myitforum.com> Subject: [mssms] GPO Update Disable Manual MS checks Hello all, I have deployed SUP and Patching is working as expected. However my end users are able to use windows update, How can i block end users to stop installing patches from internet, I have windows 10 Enterprise and Professional Machines as end users. I have tried to deploy a group policy to disable Computer Configuration\Administrative Templates\Windows Components\Windows Update. 1. Find and double-click Configure Automatic Updates [0711 group policy step 3]<https://cms-images.idgesg.net/images/article/2016/06/0711-group-policy-step-3-100666831-orig.jpg> 2. In the resulting dialog box, select Enabled. 3. In the Options box, pull down the Configure automatic updating menu and select your preferred option. [0711 group policy step 4 and 5] 4. Still Updates are able to scan by user with ms site, How can I achieve this ? -- Thanks, ED The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information.
